NVD Vulnerability Detail

CVE-2006-6627

Summary	Integer overflow in the packed PE file parsing implementation in BitDefender products before 20060829, including Antivirus, Antivirus Plus, Internet Security, Mail Protection for Enterprises, and Online Scanner; and BitDefender products for Microsoft ISA Server and Exchange 5.5 through 2003; allows remote attackers to execute arbitrary code via a crafted file, which triggers a heap-based buffer overflow, aka the "cevakrnl.xmd vulnerability."
Publication Date	Dec. 18, 2006, 8:28 p.m.
Registration Date	Jan. 29, 2021, 3:52 p.m.
Last Update	Oct. 18, 2018, 6:49 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:softwin:bitdefender:isa_server:::::::*
cpe:2.3:a:softwin:bitdefender:ms_exchange_5.5:::::::*
cpe:2.3:a:softwin:bitdefender:ms_exchange_2000:::::::*
cpe:2.3:a:softwin:bitdefender:ms_exchange_2003:::::::*
cpe:2.3:a:softwin:bitdefender_antivirus::::::::
cpe:2.3:a:softwin:bitdefender_antivirus:plus:::::::*
cpe:2.3:a:softwin:bitdefender_internet_security::::::::
cpe:2.3:a:softwin:bitdefender_mail_protection:enterprises:::::::*
cpe:2.3:a:softwin:bitdefender_online_scanner::::::::

Related information, measures and tools

No	URL	refsource
1	http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051319.html	FULLDISC
2	http://secunia.com/advisories/23415	SECUNIA
3	http://securityreason.com/securityalert/2044	SREASON
4	http://securitytracker.com/id?1017389	SECTRACK
5	http://www.bitdefender.com/KB323-en--cevakrnl.xmd-vulnerability.html	CONFIRM
6	http://www.securityfocus.com/archive/1/454501/100/0/threaded	BUGTRAQ
7	http://www.securityfocus.com/bid/21610	BID
8	http://www.vupen.com/english/advisories/2006/5040	VUPEN
9	https://exchange.xforce.ibmcloud.com/vulnerabilities/30904	XF

Common Vulnerabilities List

JVN Vulnerability Information

BitDefender 製品に同梱された PE ファイルの解析の実装における整数オーバーフローの脆弱性

Title	BitDefender 製品に同梱された PE ファイルの解析の実装における整数オーバーフローの脆弱性
Summary	BitDefender AntiVirus、BitDefender OnLine Scanner、BitDefender Interent Security、BitDefender Mail Protection などの BitDefender 製品に同梱された PE ファイルの解析の実装には、整数オーバーフローの脆弱性が存在します。
Possible impacts	第三者により、巧妙に細工されたファイルを介して、ヒープベースのバッファオーバフローを誘発され、任意のコードを実行される可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	Dec. 18, 2006, midnight
Registration Date	Dec. 20, 2012, 6:02 p.m.
Last Update	Dec. 20, 2012, 6:02 p.m.

Affected System

softwin

bitdefender 20060829 未満

bitdefender antivirus 20060829 未満

bitdefender internet security 20060829 未満

bitdefender mail protection 20060829 未満

bitdefender online scanner 20060829 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2006-6627	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6627
National Vulnerability Database (NVD)
2	CVE-2006-6627	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-6627

ベンダー情報

No	Name	URL
softwin
1	Top Page	http://www.bitdefender.com/

Change Log

No	Changed Details	Date of change
0	[2012年12月20日] 掲載	Feb. 17, 2018, 10:37 a.m.

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:softwin:bitdefender:isa_server:::::::*
cpe:2.3:a:softwin:bitdefender:ms_exchange_5.5:::::::*
cpe:2.3:a:softwin:bitdefender:ms_exchange_2000:::::::*
cpe:2.3:a:softwin:bitdefender:ms_exchange_2003:::::::*
cpe:2.3:a:softwin:bitdefender_antivirus::::::::
cpe:2.3:a:softwin:bitdefender_antivirus:plus:::::::*
cpe:2.3:a:softwin:bitdefender_internet_security::::::::
cpe:2.3:a:softwin:bitdefender_mail_protection:enterprises:::::::*
cpe:2.3:a:softwin:bitdefender_online_scanner::::::::